Order your new iMac 5K now & save hundreds in tax: Apple Price Guides updated Oct 29th (exclusive coupons)
The New AppleInsider App
 


Friday, June 24, 2011, 09:00 pm PT (12:00 am ET)

Hacker pleads guilty to breaching AT&T to obtain iPad user email addresses

One of the computer hackers allegedly responsible for gathering email addresses of iPad customers from the AT&T servers has pleaded guilty and could face up to five years in prison per charge.

Accused hacker Daniel Spitler pleaded guilty to identity theft and conspiracy to gain unauthorized access to computers, The Wall Street Journal reports. Spitler is allegedly part of the Goatse Security hacking group that orchestrated a security breach of AT&T's servers shortly after the launch of the original iPad.

"Computer hackers are exacting an increasing toll on our society, damaging individuals and organizations to gain notoriety for themselves," said U.S. Attorney Paul Fishman. "Daniel Spitler's guilty plea is a timely reminder of the consequences of treating criminal activity as a competitive sport."

Sentencing is set for Sept. 28. Meanwhile, Andrew Auernheimer, the other hacker accused in the case, is currently engaged in plea negotiations, according to a letter filed with the court by his lawyer last month.

In June of last year, hackers exploited a security flaw on AT&T's web servers to obtain email addresses from the SIM card addresses of at least 114,000 iPad 3G users. Though the attack was originally thought to be a sophisticated hack, the actual exploit used an automated script to submit HTTP requests for thousands of possible serial numbers and collect AT&T's responses.

Alleged hacker Daniel Spitler

Credit: Bill Kostroun/AP Photo


Following the breach, AT&T issued a statement. "This issue was escalated to the highest levels of the company and was corrected by Tuesday. We are continuing to investigate and will inform all customers whose e-mail addresses... may have been obtained," the company said.

Security experts have downplayed the breach as having "no direct security consequences," as emails and ICC IDs were the only personal information obtained during the hack.

The FBI quickly initiated an investigation into the incident. A week after the breach, Auernheimer was arrested by the FBI on separate felony drug charges.

Auernheimer claims that his "Goatse Security" group waited to disclose the flaw until AT&T had fixed the problem, but AT&T has criticized the group for going public with it. Prosecutors charged Spitler and Auernheimer in January.

Auernheimer

Andrew Auernheimer's booking photo, via the Washington County Detention Center.